[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 19.631280] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 23.749265] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.089213] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.933673] random: sshd: uninitialized urandom read (32 bytes read)
[ 25.110053] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
[ 30.578650] random: sshd: uninitialized urandom read (32 bytes read)
[ 31.159392] ------------[ cut here ]------------
[ 31.164432] refcount_t: underflow; use-after-free.
[ 31.169619] WARNING: CPU: 1 PID: 4568 at lib/refcount.c:187 refcount_sub_and_test+0x2e7/0x350
[ 31.178301] Kernel panic - not syncing: panic_on_warn set ...
[ 31.178301]
[ 31.185668] CPU: 1 PID: 4568 Comm: syz-executor005 Not tainted 4.18.0-rc3+ #134
[ 31.193097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.202436] Call Trace:
[ 31.205031] dump_stack+0x1c9/0x2b4
[ 31.208649] ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.213849] panic+0x238/0x4e7
[ 31.217032] ? add_taint.cold.5+0x16/0x16
[ 31.221181] ? __warn.cold.8+0x148/0x1ba
[ 31.225251] ? __warn.cold.8+0x117/0x1ba
[ 31.229320] ? refcount_sub_and_test+0x2e7/0x350
[ 31.234069] __warn.cold.8+0x163/0x1ba
[ 31.237946] ? refcount_sub_and_test+0x2e7/0x350
[ 31.242704] report_bug+0x252/0x2d0
[ 31.246326] do_error_trap+0x1fc/0x4d0
[ 31.250204] ? math_error+0x3e0/0x3e0
[ 31.253992] ? vprintk_default+0x28/0x30
[ 31.258039] ? vprintk_func+0x81/0xe7
[ 31.261826] ? printk+0xa7/0xcf
[ 31.265097] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.269935] do_invalid_op+0x1b/0x20
[ 31.273741] invalid_op+0x14/0x20
[ 31.277185] RIP: 0010:refcount_sub_and_test+0x2e7/0x350
[ 31.282875] Code: 89 de e8 6c b5 1c fe 84 db 74 07 31 db e9 46 ff ff ff e8 8c b4 1c fe 48 c7 c7 c0 41 1a 88 c6 05 96 65 3a 06 01 e8 59 d7 e7 fd <0f> 0b 31 db e9 25 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff
[ 31.302183] RSP: 0018:ffff8801d8f57780 EFLAGS: 00010286
[ 31.307649] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 31.314924] RDX: 0000000000000000 RSI: ffffffff81631851 RDI: 0000000000000001
[ 31.322726] RBP: ffff8801d8f57868 R08: ffff8801d8a40440 R09: ffffed003b5e4fc0
[ 31.330022] R10: ffffed003b5e4fc0 R11: ffff8801daf27e07 R12: 00000000ffffffff
[ 31.337319] R13: ffff8801d8f57840 R14: 0000000000000001 R15: 0000000000000000
[ 31.344620] ? vprintk_func+0x81/0xe7
[ 31.348428] ? refcount_inc_not_zero+0x2f0/0x2f0
[ 31.353175] ? graph_lock+0x170/0x170
[ 31.356979] refcount_dec_and_test+0x1a/0x20
[ 31.361385] smap_release_sock+0x76/0x320
[ 31.365561] ? sock_map_alloc+0x410/0x410
[ 31.369704] sock_hash_ctx_update_elem.isra.27+0x8cb/0x1690
[ 31.375408] ? sock_map_free+0x530/0x530
[ 31.379464] ? rcu_is_watching+0x8c/0x150
[ 31.383619] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 31.388028] ? __fget+0x414/0x670
[ 31.391470] ? expand_files.part.8+0x9c0/0x9c0
[ 31.396043] ? find_held_lock+0x36/0x1c0
[ 31.400108] sock_hash_update_elem+0x157/0x2f0
[ 31.404681] ? bpf_sock_hash_update+0x90/0x90
[ 31.409169] ? kasan_check_read+0x11/0x20
[ 31.413306] ? rcu_is_watching+0x8c/0x150
[ 31.417466] ? rcu_report_qs_rnp+0x7a0/0x7a0
[ 31.421866] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.427485] ? bpf_sock_hash_update+0x90/0x90
[ 31.431977] map_update_elem+0x5c4/0xc90
[ 31.436382] __x64_sys_bpf+0x32d/0x510
[ 31.440270] ? bpf_prog_get+0x20/0x20
[ 31.444065] ? do_syscall_64+0x9a/0x820
[ 31.448032] do_syscall_64+0x1b9/0x820
[ 31.452562] ? syscall_return_slowpath+0x5e0/0x5e0
[ 31.457520] ? syscall_return_slowpath+0x31d/0x5e0
[ 31.462491] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 31.468453] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.473622] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.478844] RIP: 0033:0x445919
[ 31.482040] Code: e8 4c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 51 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[ 31.501251] RSP: 002b:00007f9e3a914db8 EFLAGS: 00000297 ORIG_RAX: 0000000000000141
[ 31.508949] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445919
[ 31.516643] RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000002
[ 31.523910] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 31.531189] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000000
[ 31.538456] R13: 00007fff0e5b867f R14: 00007f9e3a9159c0 R15: 0000000000000009
[ 31.546343] Dumping ftrace buffer:
[ 31.550032] (ftrace buffer empty)
[ 31.553729] Kernel Offset: disabled
[ 31.557354] Rebooting in 86400 seconds..